More than 400 systems compromised in Microsoft hacking spree, researchers find

Driving the news: Microsoft says at least three China-based hacking groups, including two government teams, have been exploiting a flaw in on-premise SharePoint servers since at least July 7.

• The National Nuclear Security Administration, which is responsible for maintaining the country's cache of nuclear weapons, is among the victims, according to Bloomberg.
• The National Institutes of Health and several other government agencies, energy companies and universities have also been broken into, according to the Washington Post.
• The Chinese embassy said in a statement Tuesday that "we firmly oppose smearing others without solid evidence."

Zoom in: Researchers at Eye Security said in a blog post Thursday that they've scanned more than 23,000 vulnerable SharePoint servers worldwide and have found that more than 400 are "actively compromised."

• Eye Security first discovered on the SharePoint vulnerability, which would give intruders the ability to access documents stored on servers and execute code, last week and started notifying potential victims.

• Microsoft issued a patch for all vulnerable versions of SharePoint late Monday, but researchers say they've observed the hackers also stealing machine keys that would allow them to re-enter devices even after they're patched.

What to watch: Researchers widely anticipate multiple hacking groups to target vulnerable SharePoint servers, even after they've been patched.

• That includes nation-states conducting espionage and cybercriminals interested in deploying ransomware.

Go deeper: Microsoft hack risk spreads as cybercriminals and nation-states pile in